If a list of IPv4 addresses is used, PF expands the list to multiple single-address rules.

If a table is used instead, PF requires the explicit inet, as the table could contain either IPv4 or IPv6 addresses. The divert-to filter option does not alter packets; they are required to be diverted within the same address family. In this case, that is IPv4.

Last edited by jggimi; 21st December 2013 at 09:17 PM.
Reason: expanded remarks